Simple Ransomware Protection

By Dag, on January 16th, 2017

There have been a lot of ransomware mails going around lately. These are often Trojan.Encoder
variants and are all extremely bad for your data. Most of them take advantage of
Windows Script Host (WSH), which runs JavaScript files with rights that scripts on the web do not have.
They require the user to actually click on the file, so the attachment often comes in the form of an
important document the user is perhaps expecting. This script associates those
files with Notepad instead of WSH, so that if you or another user of your computer clicks on
one of them, it will open in Notepad and just show gibberish, without
executing any dangerous code.

@ECHO OFF
MODE CON:COLS=50 LINES=10
TITLE Simple Ransomware Protection
COLOR 17
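ECHO Attempting to associate .js, .jse files with notepad.
REM assoc and ftype change machine-wide settings: run from an elevated prompt.
assoc .js=jsfile >nul
assoc .jse=jsfile2 >nul
REM The percent sign is doubled so ftype stores a literal placeholder for the clicked file.
ftype jsfile="%windir%\system32\notepad.exe" "%%1" >nul
ftype jsfile2="%windir%\system32\notepad.exe" "%%1" >nul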
ECHO Done.
ECHO.
ECHO Will now try to open a test .js file.
ECHO If it opens in notepad, .js ransomware scripts
ECHO will as well without executing, making you safe.
ECHO.
PAUSE
ECHO Starting test.js
REM The empty "" is the window title; quoting the path handles folders with spaces.
start "" "%~dp0test.js"
ECHO.
ECHO If it asks you what program you want to open
ECHO with, choose notepad or another text editor.
ECHO If you or another user of your computer opens
ECHO a ransomware file, WSH (Windows Script Host)
ECHO will no longer open it by default. WIN!
ECHO.
PAUSE

test.js

Should open in Notepad when clicked after running the protection script.
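
To confirm the change took effect, this added example (not part of the original post) reads the output of `assoc` and `ftype` and reports whether each script extension still opens with `wscript.exe` or `cscript.exe`. It goes beyond the page's .js/.jse case: the extra extensions (.vbs, .vbe, .wsf, .wsh), the function names and the sample output are assumptions constructed for illustration.

```python
import re
import subprocess
import sys

# .js/.jse are the page's extensions; the other four are an added assumption.
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh")
WSH_HOSTS = re.compile(r"\b[wc]script\.exe\b", re.IGNORECASE)

def parse_pairs(text):
    """Parse the key=value lines printed by assoc/ftype (keys lower-cased)."""
    pairs = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key:
            pairs[key.lower()] = value
    return pairs

def audit(assoc_text, ftype_text, exts=SCRIPT_EXTS):
    """Map each extension to (status, command): executes, safe or unassociated."""
    assoc, ftype = parse_pairs(assoc_text), parse_pairs(ftype_text)
    report = {}
    for ext in exts:
        prog_id = assoc.get(ext, "")
        command = ftype.get(prog_id.lower(), "")
        if not command:
            report[ext] = ("unassociated", "")
        elif WSH_HOSTS.search(command):
            report[ext] = ("executes", command)
        else:
            report[ext] = ("safe", command)
    return report

# Constructed sample: state after the page's script ran, .vbs left at its default.
SAMPLE_ASSOC = ".js=jsfile\n.jse=jsfile2\n.vbs=VBSFile\n.txt=txtfile\n"
SAMPLE_FTYPE = (
    'jsfile="C:\\Windows\\system32\\notepad.exe" "%1"\n'
    'jsfile2="C:\\Windows\\system32\\notepad.exe" "%1"\n'
    'VBSFile="C:\\Windows\\System32\\WScript.exe" "%1" %*\n'
)

def dump(command):
    """Run assoc or ftype with no arguments to list every entry (Windows only)."""
    return subprocess.run(["cmd", "/c", command], capture_output=True, text=True).stdout

if __name__ == "__main__":
    live = sys.platform == "win32"
    assoc_text = dump("assoc") if live else SAMPLE_ASSOC
    ftype_text = dump("ftype") if live else SAMPLE_FTYPE
    for ext, (status, command) in audit(assoc_text, ftype_text).items():
        print(f"{ext:5} {status:13} {command}")
```

`assoc` and `ftype` report the machine-wide association; a per-user "Open with" choice can take precedence, so also confirm by opening test.js.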

If you have been unlucky and have already been infected, there's a company named Dr. Web that may help you for ~150 EUR with their
rescue pack. I've tested it twice on clients willing to pay, and it has worked painlessly. It's roughly half the price of what hackers
usually demand. It's only an .exe file and the decryption key. I created the script below to use it.